Technical Role
SOC staff monitor information systems for alarms and conditions to prevent, detect and manage cyber-attacks and other IT security incidents. They normally follow processes and procedures based on information security management and computer security incident management. They often employ tools such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; web site assessment and monitoring systems, application and database scanners; penetration testing tools; intrusion detection systems (IDS); intrusion prevention system (IPS); log management systems; security information and event management (SIEM); network behavior analysis and denial of service monitoring; wireless intrusion prevention system; firewalls, enterprise antivirus and unified threat management (UTM).
The SOC typically scans applications and identifies security vulnerabilities and their potential business impact. The SOC works with the application business owners and IT staff to ensure understanding and help them appropriately correct weaknesses before they are exploited. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event) and determine if it is a real, malicious threat (incident), and if it could have business impact. The SOC manages incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported.
SOC engineers and watch officers are seasoned information and communication systems professionals. They are usually trained in computer engineering, cryptography, network engineering, or computer science and are credentialed (e.g. Certified Information Systems Security Professional (CISSP) from (ISC)², GIAC from SANS, or Certified Information Security Manager (CISM) from ISACA).
SOCs usually are well protected with physical, electronic, computer, and personnel security. Centers are often laid out with desks facing a video wall, which displays significant status, events and alarms; ongoing incidents; a corner of the wall is sometimes used for showing a news or weather TV channel, as this can keep the SOC staff aware of current events which may have an impact on information systems. The back wall of the SOC is often transparent, with a room attached to this wall which is used by team members to meet while able to watch events unfolding in the SOC. Individual desks are generally assigned to a specific group of systems, technology or geographic area. A security engineer or security technician may have several computer monitors on their desk, with the extra monitors used for monitoring the systems covered from that desk.
Read more about this topic: Security Operations Center (computing)
Famous quotes containing the words technical and/or role:
“Where there is the necessary technical skill to move mountains, there is no need for the faith that moves mountains.”
—Eric Hoffer (1902–1983)
“The role of the stepmother is the most difficult of all, because you can’t ever just be. You’re constantly being tested—by the children, the neighbors, your husband, the relatives, old friends who knew the children’s parents in their first marriage, and by yourself.”
—Anonymous Stepparent. Making It as a Stepparent, by Claire Berman, introduction (1980, repr. 1986)